File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
8e8393b4da86271fb6deb00c0cbb1a8f | 2d16a659b52e5140451259d6468e756e4dd9af95 | 0370d695bd1319c7bc61eff9dfec4dd10e63270680ac8776d3aac300f070ec12 | 1536:L6/m+isoPeLg9BGaFwCIycD1FKlpCTALvmAL0Ou4OkUcApQgEYa9YceGuY4:LcmFPeLg9QNBzuL | 102400 |
File Name |
---|
kp.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
N/A | Symantec |
Generic.dx!zum | McAfee |
UDS:DangerousObject.Multi.Generic | Kaspersky |
Path | Folder Name |
---|
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 4B C6 62 04 26 34 54 6D D1 E2 DC 4A 7E 92 94 2F CC 87 F3 1D 69 52 7F 1E 67 4C B6 | 25 E3 52 7E CB 63 65 84 99 B8 EC 93 8D 38 77 BD EC 24 82 73 BA 5B 47 78 B7 23 B |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
w.nucleardiscover.com | Standard query response A 60.190.223.75 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 60 | 56 | 4872 | 3368 |
17 | 3 | 0 | 525 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
888 | 6 | 60 | 56 | 4872 | 3368 |
1900 | 17 | 3 | 0 | 525 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
22:49:12 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 94 | 888 | 14 | 1160 |
22:49:18 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 94 | 888 | 10 | 600 |
22:49:23 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 94 | 888 | 5 | 300 |
22:50:25 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 16 | 888 | 13 | 1100 |
22:50:30 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 16 | 888 | 10 | 600 |
22:50:35 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 16 | 888 | 6 | 360 |
22:51:37 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 514 | 888 | 13 | 1100 |
22:51:42 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 514 | 888 | 10 | 600 |
22:51:47 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 514 | 888 | 6 | 360 |
22:52:50 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 640 | 888 | 13 | 1100 |
22:52:55 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 640 | 888 | 11 | 660 |
22:53:00 | 2011-06-08 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 640 | 888 | 5 | 300 |
22:48:03 | 2011-06-08 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 3623 | 1900 | 1 | 175 |
22:54:36 | 2011-06-08 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|